Migrating MNT Reform to ArchLinux

By default the MNT Reform2 laptop comes with a Debian SID image. At least that's what I got with my DIY kit. The image comes on an SD card, and by default the boot switch on the SoM is set to boot from the SD card. SID is fairly bleeding edge, however I still feel awkward working on Debian, even though the bleeding edge is one of the reasons I'm in favour of Arch Linux. Since I have an NVMe drive, which is considerably faster than the SD card, I decided to combine the migration to the NVMe drive with the migration to Arch Linux. Also, as there is no boot security so far, the migration will be to encrypted LUKS2 partitions (FDE).

Wed Feb 2 22:37:48 2022

A piece of Librem5 on my MNT Reform2

Despite my frequent ranting at Purism - don't get me wrong, I fully appreciate what they are doing. I just didn't like their communication strategy. Which finally improved and entered a state where I can say - yea ok, I understand. Other than that - their work at GTK/Gnome (libhandy which is now libadwaita, phosh/phoc, various userspace apps) is enormous, their effort at mainlining imx8m is impressive, and all together they now allow me to use the pinephone and the MNT Reform2 laptop. This article is a demonstration of how the effort in the kernel helps on MNT Reform.

Wed Jan 19 21:28:56 2022

Mobile i.MX8MQ Device

Christmas time is full of surprises; one of them was a new mobile device I got on Christmas morning, despite all the chip shortage and whatnot problems. The device is powered by the NXP i.MX8MQ industrial SoC, which combines 4 Arm A53 cores, 1 Arm M4F core and 1 Vivante GC7k Lite video core. And no, it is not the Librem5 device, which is supposed to be powered by the same SoC.

Mon Dec 27 17:27:42 2021 Upd.: Tue Dec 28 17:33:56 2021

Tinfoil session 2: Recovering secure boot vector

So having secure boot enabled with unified kernel image is great, but how to integrate it into OS lifecycle management? And how to do it without compromising the security? The simplicity at one place causes complexity at another.

Mon Dec 20 18:21:12 2021

Tinfoil session 1: Enabling secure boot vector on linux

While being a strong proponent of security and privacy, I long neglected one particular security vector on my laptops - secureboot, relying on compensating controls I put in place. SecureBoot was pushed on me by Microsoft so I naturally, reflexively rejected it. Now however is the time to reconsider the stance, especially in view of much higher pressure on privacy and, as a result, much deeper penetration of foreign networked compute elements around us (this is the place we put our tinfoil hat on).

Mon Nov 29 23:17:42 2021

Migrating from Gnome-Keyring to KeePassXC

I never thought I'd come to this point, but here we are. Now I'll describe how I came to this point and how I migrated my GKR data to KPXC. Why did I do it? Mainly because it just stopped working as it used to. And I didn't manage (didn't have passion?) to make it work again as it had before.

Wed Nov 10 21:12:55 2021

Pine Phone

Yes, you read it correctly, we're still speaking about pinephone. Librem5 is still out there. Not in here. Regardless, Pine64 started selling a CE upgrade for the braveheart, and as soon as I figured that out I decided to upgrade one of my pine phones with 3GB. The upgrade is delivered as a new mainboard, and for braveheart owners there's a discount. This week the board finally arrived at my post office and they decided it's too big for them to deliver it (they always do it regardless of the size and weight, that's the way they work).

Sun Dec 6 23:11:34 2020 Upd.: Sat May 22 14:18:36 2021

Linux Phone

Aeons ago I ordered a phone. A Librem Phone. Librem5 to be precise. It was all well-forgotten history when all of a sudden last spring I got a notification it had been delayed.

After that glorious event I started monitoring the progress of the almost finished development with greater interest, which also led me to learn there appeared to be another project promising to deliver a mainline linux phone in about half a year. The price tag was ridiculously low (compared to L5) so I just gave it a shot - just in case.

Now last week you can imagine the degree of my bewilderment when I received a sealed envelope stating the customs office awaits my decision on how to proceed with some electronic shipment to me, which clearly needs tax clearance (if I want to proceed with the shipment).

Sat Feb 29 13:01:44 2020 Upd.: Wed Mar 4 17:23:48 2020

PS3 BD BT Remote

Once upon a time I made an XBMC-based HTPC... And like any proper HTPC, mine should also have a remote control.

Since my TV is Sony, the choice was obvious - Sony PS3 BD BT Remote - both remotes are almost the same, which makes the HTPC look aesthetic.

Then however I realised that despite being recognized as a generic HID keyboard, keys mapped to buttons aren't seen by Xorg (XInput to be precise). The second issue I found was related to battery power. Don't know how PS3 is properly handling it but I solved the problem by suspending the HID via explicit teardown of the BT link.

Tue Oct 6 22:01:43 2009 Upd.: Sun Mar 5 13:33:03 2017

In continuation to this

DLV is gone. mobi zone is not yet signed. What to do? Wait and be prepared

Wed Dec 9 23:08:21 2015

Small footprint web server

Nowadays we're all concerned about the environment and our impact on it. At the same time security concerns do not allow our conscience to agree on these cloud bells and whistles.

Luckily we now have available in the consumer segment low profile and low power consumption platforms like Raspberry PI and others. Compare 1-2W of raspberry to at least 10-20W of any other HTPC. Such platforms however have certain resource restrictions.

Sun Nov 15 23:11:47 2015

PS3 BD BT Remote on Bluez5

Being tired of background noise caused by active cooling on the HTPC, I moved it off to a Raspberry PI (B+).

As time moves forward there appears a plethora of mobile apps for any platform doing convenient remote control of Kodi and its library. Hence I've actually stopped using the PS3 BD BT remote.

Nevertheless I recently decided to dust it off and connect it again (using a BT dongle on the RPI).

Fri Oct 30 15:20:31 2015 Upd.: Sat Nov 14 14:11:16 2015

IPSec with DNSSEC v2

Back to our business. On 11 Oct a patch to enable DNSSEC protected DANE CERTs was merged to StrongSWAN's upstream, so now you can have interoperability between racoon and strongswan if you need to use CERTs for easy deployment.

The approach is pretty much the same, only with StrongSWAN you have additional DNSSEC validation (racoon blindly trusts the underlying DNSSEC implementation).

Sat May 10 12:03:26 2014

BlueZ 5

Life goes on, everything changes. With the new bluez tree fakehid was completely wiped out from bluetoothd userspace. Now, thanks to David Dillow, ps3bt code lives in HID kernel code since commit 5844c1cdb630b537a2ecdf74dab2985e51dc1bd9. Let's see how it works...

Sat Nov 10 23:17:31 2012 Upd.: Sat Oct 5 15:16:20 2013


Since the future has come, we need to pace ahead and utilize its merits. One of the benefits of having DNSSEC is independence in making your own certs (with DANE) and simplified roll-out of those certs (with CERT RR).

Wed Aug 14 08:43:41 2013

PulseAudio - Connecting the fridge

Granted the fridge has audio components of course...

Now, once we have our audio bus on Jack's shoulders, we can read more good ideas on how to live in this changing world.

Sat Jun 16 09:13:54 2012 Upd.: Sat Aug 3 12:08:37 2013

Package cleanup: tiny hints

If you use some system for long enough, passing through various release upgrades, installing and uninstalling packages - basically living and using - your system might start to be bloated with various remnants of dependencies, unneeded packages, dragging back some relics or even blocking some new deps. Very unpleasant fact.

Sat Jan 26 17:57:42 2013 Upd.: Sat May 25 10:04:36 2013

GPT - doing things right

To be honest - I'm absolutely not an authority to teach how to do things right in GUID Partition Table. But I did it wrong, and I corrected it, so maybe someone will find it useful.

Wed May 8 23:41:10 2013

Glibc IPv6 bug

While working on the jack IPv6 network stack I stumbled onto bizarre getaddrinfo() behaviour - it was returning me address families in the wrong order for a passive nameless request. It appears people have been stumbling onto this bug since 2009 (at least that's how far back I found references to this behaviour in mailing lists).

Mon Mar 4 00:06:35 2013 Upd.: Sat Mar 9 11:05:16 2013

System Jack Service

What if we want to set jack to be a system service? I know, I know, I read all the fine manuals and the reasons behind avoiding a system sound daemon, whether it is pulse or jack. But hey - this is my PC, don't tell me what I cannot do!

Sun Feb 3 02:14:31 2013 Upd.: Sat Feb 9 21:31:57 2013


In such a small setup something like pim or mospf is just too much, however I found that igmpproxy is just too little for me. So I'm using smcroute. This daemon is for static multicast routing, which is just what I need for my single-router home setup. One minor issue though - startup for this piece of software is really poor.

Sun Feb 21 18:59:02 2010 Upd.: Sat Feb 9 14:51:46 2013


Quality of service may not be as critical a part of a home network as connectivity and security, however it could really help if you're using some realtime services like VoIP.

The same approach is used here for QoS setup; the script below simply applies a predefined set of tc rules:

Sun Feb 21 18:51:22 2010 Upd.: Sat Feb 9 14:51:35 2013

Network device without IPv6? Nonsense, I tell you. Look which year it is. If your ISP is retarded - keep the pace with

IPv6 Tunnel Broker

Sun Feb 21 18:16:34 2010 Upd.: Sat Feb 9 14:51:15 2013

ifupdown and dhclient for ipv6

If you're using dhcp for both ipv4 and ipv6 on ubuntu with wifi/wpa_supplicant you might have faced a weird issue with ifdown trying to release the v6 (or v4, depending on ordering) lease and finally hanging - since the previous address family already brought the interface down.

Fri Dec 28 12:27:32 2012 Upd.: Sat Feb 9 14:50:45 2013


Once upon a time I made an XBMC-based HTPC... oh, sorry, you know that story, don't you?

Well, the next thing I found was that pulseaudio was not working (it is really poorly documented, and at that time I didn't have a clue how to deal with it). So I removed pulse, leaving XBMC on pure ALSA. Which was working perfectly till it became too limited for me and my audio preferences. This was the time I got acquainted with JACK.

Now I can handle pulseaudio easily and conveniently, after breaking my head over information scattered across the internet, but it is the subject for another story. Because first we need to bind together XBMC and JACK using...

Fri Jun 15 11:43:12 2012 Upd.: Sat Feb 9 14:47:33 2013


Well, you know my attitude to the weird "complex" stuff guys tend to make from iptables rules that are pure, clean and perfect by themselves. I really can't get it. So here it is.

Sun Feb 21 18:10:52 2010 Upd.: Sat Dec 22 21:51:27 2012


Here I'm just listing some upstart scripts I've written to manage tasks not covered by the default configuration.


I don't want to use some weird bloatware just to install a couple of rules I need to protect my machine. So here we go...

Sat Jan 10 02:04:21 2009 Upd.: Wed Dec 19 00:21:33 2012
© ruff 2011